PCI Compliance

Since a primary motivation for cyber attacks has been financial gains, credit card information has been a leading target for hackers. Naturally, payment card systems have become a favorite for cyber criminals eager to make a quick dollar due to the amount of confidential information they send and receive every single day. Especially in our modern society where online sales dominate and the utilization of wireless/mobile payment systems becoming increasingly popular, it’s become paramount to prioritize your security and gain trust with your customers.

IoT Creates a New Attack Vector

As wireless and IoT technologies became more commonplace, we’re observing a shift in retail from wired to wireless connected devices. From PoS systems to inventory scanners, these devices are all sending confidential information through the airspace now. As retailers adopt IoT to streamline their daily operations and create gains in productivity and convenience, the reality is that many of these IoT and wireless devices weren’t designed with security in mind. They are commonly designed with security as an afterthought, resulting in unknown backdoors and superfluous USB ports that hackers can take easily take advantage of to compromise and gain access to the device. All of this this presents a new challenge to Retailers.

As retailers broaden their deployments leveraging IoT, the wireless infrastructure becomes exponentially more complex and security risks increase. A passive approach is to deploy distributed sensors that do not connect to the ethernet network, and remain autonomous in the environment. This eliminates any risk to the cardholder environment or payment network directly, and allows risks and threats to be reported back through an out-of-band method over LTE to the cloud. The SaaS can report and notify the team of identified threats to allow quick time to resolution, as well as automated mitigation approaches to minimize the window of opportunity for an attacker. This not only achieves PCI Compliance, but provides an audit trail of activity and reporting for the IT and Security teams.